-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-03
- ---------------------------------------------------------------------------

PACKAGE : net-www/apache
SUMMARY : buffer overflow
DATE : Tue Oct 28 16:43:46 UTC 2003
EXPLOIT : local
VERSIONS AFFECTED : <apache-1.3.29
FIXED VERSION : >=apache-1.3.29
CVE : CAN-2003-0542 (under review at time of GLSA)

- ---------------------------------------------------------------------------

Quote from <http://httpd.apache.org/dev/dist/Announcement>:

This version of Apache is principally a bug and security fix release.
A partial summary of the bug fixes is given at the end of this document.
A full listing of changes can be found in the CHANGES file. Of
particular note is that 1.3.29 addresses and fixes 1 potential
security issue:

o CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.

We consider Apache 1.3.29 to be the best version of Apache 1.3 available
and we strongly recommend that users of older versions, especially of
the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
releases will be made in the 1.2.x family.


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/apache 1.x upgrade:

emerge sync
emerge -pv apache
emerge '>=net-www/apache-1.3.29'
emerge clean
/etc/init.d/apache restart


// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/vGZWnt0v0zAqOHYRAnnUAKCf7j5ZciPl2A/lfT2G6re9L0ZjugCfQGYk
RyV+5R/BFsdAzsMYZp9dT8A=
=ym4e
-----END PGP SIGNATURE-----
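
A configuration check for the condition the quoted announcement names (a mod_alias or mod_rewrite regular expression with more than 9 captures), as an added example that is not part of the advisory or of Apache's code. It assumes Apache 1.3's POSIX extended regex syntax, where every unescaped "(" outside a bracket expression is a capture; the directive list, the names `audit` and `count_captures`, and the sample configuration are constructed for illustration.

```python
import re

# Assumption of this example: these are the mod_alias / mod_rewrite directives
# that take a regex; the value is the regex's position among the arguments.
REGEX_ARG = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
             "scriptaliasmatch": 0, "redirectmatch": 0}
MAX_CAPTURES = 9  # limit named in the advisory
# One config word: a double-quoted string or a run of non-blanks.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')
# Escaped characters and bracket expressions, inside which '(' is a literal.
LITERAL = re.compile(r'\\.|\[\^?\]?(?:\[[:.=].*?[:.=]\]|[^\]])*\]')

# Constructed sample configuration, not taken from a real server.
SAMPLE = r'''RewriteEngine On
RewriteRule ^/(a)/(b)/(c)$ /index.php?x=$1 [L]
AliasMatch "^/(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)$" /var/www/x
RedirectMatch permanent ^/old/[(]+\((.*)$ http://www.example.com/$1
# RewriteRule ^(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /commented-out
RewriteCond %{HTTP_HOST} ^(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)(k)$
'''


def count_captures(regex):
    """Count capture groups in a POSIX extended regex (no (?:...) syntax)."""
    return LITERAL.sub("", regex).count("(")


def audit(config_text):
    """Return (line number, directive, captures) for regexes over the limit."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        words = [w or q for q, w in TOKEN.findall(line)]
        if not words or words[0].startswith("#"):
            continue
        name, args = words[0].lower(), words[1:]
        pos = REGEX_ARG.get(name)
        if name == "redirectmatch" and len(args) == 3:
            pos = 1  # RedirectMatch [status] regex URL
        if pos is not None and pos < len(args):
            captures = count_captures(args[pos])
            if captures > MAX_CAPTURES:
                findings.append((number, words[0], captures))
    return findings


if __name__ == "__main__":
    for number, directive, captures in audit(SAMPLE):
        print(f"line {number}: {directive} regex has {captures} captures")
```

Pass it the text of httpd.conf and of any .htaccess files; lines continued with a trailing backslash are not joined before counting.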